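TCPCopy is a tool for replaying TCP traffic. It is commonly used to copy production traffic into a test environment, either to track down problems that are hard to reproduce offline or to stress-test the test environment. (HTTPS traffic cannot be used for stress testing because the data is encrypted.)
I. Requirement: bring production traffic into the test environment
The original plan was to mirror the nginx traffic directly, but the site is served over HTTPS, so that did not work. Traffic can only be mirrored for a single application over HTTP.
- 1. Application mapping
Application    Source server      Current test server
demo-app       10.1.3.74:7001     192.168.54.62:82
- 2. Host table
Production server               10.1.3.74:7001
Test server                     192.168.54.62:82
intercept (assistant server)    10.1.2.40
online --> relay server 1 (10.1.2.41) --> relay server 2 (192.168.77.84) --> test server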
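II. Connect the networks with rinetd or haproxy
Requirement: online --> relay server 1 (10.1.2.41) --> relay server 2 (192.168.77.84) --> test server.
The production and test environments cannot reach each other directly. Traffic has to be forwarded across two network hops to reach the test server, so rinetd is used here for the forwarding.
- 1. Relay server 1 (10.1.2.41): install rinetd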
[root@vm-phx-k8s-master-0241 ~]# cat /etc/rinetd.conf
10.1.2.41 7001 192.168.77.84 7001
10.1.2.41 7002 192.168.77.84 7002
10.1.2.41 7003 192.168.77.84 7003
10.1.2.41 7004 192.168.77.84 7004
10.1.2.41 7005 192.168.77.84 7005
10.1.2.41 7006 192.168.77.84 7006
10.1.2.41 7007 192.168.77.84 7007
- Start command: /root/rinetd/rinetd -c /etc/rinetd.conf
- 2. Relay server 2 (192.168.77.84): install rinetd
[root@vm-l2f-umicen-app-7784 ~]# cat /etc/rinetd.conf
192.168.77.84 7001 192.168.54.62 82
192.168.77.84 7002 192.168.47.136 8080
192.168.77.84 7003 192.168.42.169 8080
192.168.77.84 7004 192.168.47.202 8080
192.168.77.84 7005 192.168.47.37 8080
192.168.77.84 7006 192.168.42.148 8080
192.168.77.84 7007 192.168.43.41 8080
- Start command: /root/rinetd/rinetd -c /etc/rinetd.conf
- 3. rinetd restart script
#!/bin/bash
source /etc/profile
# Kill any running rinetd (the filters exclude grep itself and this script)
kill -9 $(ps -ef |grep "/root/rinetd/rinetd" |grep -v "grep" |grep -v bash|awk '{print $2}')
ps aux |grep "/root/rinetd/rinetd"
sleep 1
# Start rinetd again with the same configuration
/root/rinetd/rinetd -c /etc/rinetd.conf
- 4. Using haproxy for TCP port forwarding is more efficient and stable (a quick install script is given here); the relay configuration has to be adapted to your own setup. (We used rinetd here: it is simple, but the forwarding becomes unstable after running for a long time.)
#!/bin/bash
source /etc/profile
yum -y install haproxy
cd /etc/haproxy
# Keep a copy of the packaged configuration before changing it
cp /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.backup
# Append the TCP forwarding configuration
cat >> /etc/haproxy/haproxy.cfg << EOF
global
    ulimit-n 51200
    log /dev/log local0
    log /dev/log local1 notice
    chroot /var/lib/haproxy
    pidfile /var/run/haproxy.pid
    user haproxy
    group haproxy
    daemon
defaults
    log global
    mode tcp
    option dontlognull
    timeout connect 600
    timeout client 5m
    timeout server 5m
frontend tcp-7001
    bind *:7001
    default_backend tcp-port-7001
backend tcp-port-7001
    server server1 192.168.77.84:7001 maxconn 20480
listen admin_stat
    bind 0.0.0.0:1080
    mode http
    stats refresh 30s
    stats uri /haproxy_stats_url
    stats realm Haproxy Statistics
    # Sample credential: replace it before use. "stats admin if TRUE" lets
    # any authenticated user change server state from the stats page.
    stats auth admin:123456
    stats hide-version
    stats admin if TRUE
EOF
systemctl enable haproxy.service
systemctl start haproxy.service
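A way to check the two-hop rinetd chain before starting tcpcopy, added here as an example that is not part of the original post: it follows an entry point through both relays' rules and flags a chain that stops on a relay. The function names are hypothetical; the rules are the 7001-7003 entries from the configs above, with relay 2's 7003 rule deliberately left out as a constructed gap.

```python
def parse_rinetd(text):
    """Map (bind_addr, bind_port) -> (connect_addr, connect_port)."""
    rules = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        # Forwarding rules have four fields; allow/deny/logfile lines do not.
        if len(fields) == 4 and fields[1].isdigit() and fields[3].isdigit():
            rules[(fields[0], int(fields[1]))] = (fields[2], int(fields[3]))
    return rules

def trace(entry, configs):
    """Follow one entry point through all relays; return (hops, complete)."""
    table, relays = {}, set()
    for text in configs:
        rules = parse_rinetd(text)
        table.update(rules)
        relays.update(addr for addr, _ in rules)
    hops = [entry]
    while hops[-1] in table:
        nxt = table[hops[-1]]
        if nxt in hops:
            raise ValueError(f"forwarding loop at {nxt}")
        hops.append(nxt)
    # A chain that stops on a relay address has no rule for that port there.
    return hops, hops[-1][0] not in relays

# Relay 1 and relay 2 rules from the page; the 7003 rule on relay 2 is
# omitted on purpose (constructed gap) to show a broken chain.
RELAY1 = """
10.1.2.41 7001 192.168.77.84 7001
10.1.2.41 7002 192.168.77.84 7002
10.1.2.41 7003 192.168.77.84 7003
"""
RELAY2 = """
192.168.77.84 7001 192.168.54.62 82
192.168.77.84 7002 192.168.47.136 8080
"""

if __name__ == "__main__":
    for port in (7001, 7002, 7003):
        hops, ok = trace(("10.1.2.41", port), [RELAY1, RELAY2])
        print(" -> ".join(f"{a}:{p}" for a, p in hops), "OK" if ok else "BROKEN")
```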
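III. Deploy and run on the assistant server: 10.1.2.40
- 1. Install
wget https://github.com/session-replay-tools/intercept/archive/1.0.0.tar.gz
tar -xvf 1.0.0.tar.gz
cd intercept-1.0.0/
# Install the libpcap packages before configuring the build
yum install -y 'libpcap*'
./configure
make && make install
- 2. Run
- Example command:
/usr/local/intercept/sbin/intercept -i ens33 -l /var/log/intercept.log -F 'tcp and src port 7001' -d
-i: intercept listens on a port to communicate with tcpcopy, and tcpcopy connects to it at startup; if it cannot connect, tcpcopy fails to start. -i names the network interface intercept listens on (for example eth0, a NIC name).
-F: filter rule, using the same syntax as pcap.
-d: run as a daemon.
- Script: (my environment has many source ports to filter, so it captures all TCP traffic without specifying a port)
[root@vm-phx-k8s-master-0240 scripts]# cat /root/scripts/intercept.sh
#!/bin/bash
source /etc/profile
/usr/local/intercept/sbin/intercept -i ens33 -l /var/log/intercept.log -F tcp -d
- 3. Disable IP forwarding so that the host acts as a black hole
Edit /etc/sysctl.conf:
net.ipv4.ip_forward=0
Then run sysctl -p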
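IV. Deploy on the production server: 10.1.3.74
- 1. Install
wget https://github.com/session-replay-tools/tcpcopy/archive/1.0.0.tar.gz
tar zxvf 1.0.0.tar.gz
cd tcpcopy-1.0.0
./configure && make && make install
- 2. Run
- Script: tcpcopy.sh
[root@online ~]# cat /root/tcpcopy/tcpcopy.sh
#!/bin/bash
source /etc/profile
/usr/local/tcpcopy/sbin/tcpcopy -x 7001-10.1.2.41:7001 -s 10.1.2.40 -c 10.1.5.x -l /var/log/tcpcopy.log -d
- Example command:
The test command has the form: /usr/local/tcpcopy/sbin/tcpcopy -x <source port>-<test host>:<test port> -s <intercept host address> -c <spoofed IP range> -l /var/log/tcpcopy.log
/usr/local/tcpcopy/sbin/tcpcopy -x 7001-10.1.2.41:7001 -s 10.1.2.40 -c 10.1.5.x -l /var/log/tcpcopy.log -d
-x: copies traffic from a local port to a port on the target, e.g. traffic on local port 8000 is copied to port 6001 on 192.168.2.30.
-s: address of the intercept host; tcpcopy has to establish a connection to intercept.
-c: spoofed address. When traffic is copied to the test server, the source address of the packets is rewritten to 10.1.5.2, which makes it easy to set up a route. It can also be written as 10.1.5.x, in which case the source addresses are taken from that network segment.
-n: traffic amplification factor; omit it unless the goal is stress testing.
-d: run as a daemon.
V. Test server: add a route (we currently use port forwarding, so the test server is 10.1.2.41 and the real server is 192.168.54.62:82)
Run the route command on 10.1.2.41:
route add -net 10.1.5.0 netmask 255.255.255.0 gw 10.1.2.40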
VI. Verify that tcpcopy is working (compare the production log with the test log)
- 1. Check the access log on the production server
[root@online en]# pwd
/home/app/log/
[root@online en]# tail -n 10 en.log
2020-10-30 10:34:10,755 [http-0.0.0.0:7001-1$2125991095] WARN com.ActionServlet [01] /eHome.do?xcase=index,908,661768202,39.88.110.24,00,TguNTYuMTUwLjE0MjAyMDEwMjIxMDE1MTI3NzE4NTQ5NTAzOAN,TExNDAwMjM0NzA3NDg4MjQ6MzkuODguMTEwLjI0OjY2MTc2ODIwMjowMAM,jAyMDEwMzAxMDM0MDIzNDkwMDA6MTk0MTk3MDMwODE4MTUyNjU3NDQM
2020-10-30 10:34:10,996 [http-0.0.0.0:7001-16$580927107] WARN com.ActionServlet [01] /ajaxfunction.do?xcase=ajaxlogonconnection&t=1604025241961&_=1604025241962,23,616549844,103.116.47.92,7403105,TAzLjExNi40Ny45MjIwMjAxMDIzMTA0NzQwODI5OTkyMjU2NzgM,TExMzk1MzY1MzcxMzA3Nzc6MTAzLjExNi40Ny45Mjo2MTY1NDk4NDQ6NzQwMzEwNQM,jAyMDEwMzAxMDMzMjA1NTIwMDA6MDExNTkzOTQ3MDAzNjA3NzM0MDkM
2020-10-30 10:34:23,375 [http-0.0.0.0:7001-4$1345458085] WARN com.ActionServlet [01] /iar.do?catId=5&xcase=index,66,0,123.234.64.23,00,null,null,null
2020-10-30 10:34:23,621 [http-0.0.0.0:7001-3$1863279517] WARN com.ActionServlet [01] /eHomeHotActivity.do?xcase=index,191,0,123.234.64.23,00,null,null,null
2020-10-30 10:34:23,691 [http-0.0.0.0:7001-1$2125991095] WARN com.ActionServlet [01] /eHomeExcellentService.do?xcase=index,24,0,123.234.64.23,00,null,null,null
2020-10-30 10:34:23,752 [http-0.0.0.0:7001-16$580927107] WARN com.ActionServlet [01] /eHomeOnlineCourse.do?xcase=index,17,0,123.234.64.23,00,null,null,null
2020-10-30 10:34:23,815 [http-0.0.0.0:7001-13$1113166511] WARN com.ActionServlet [01] /eHomeOnlineCourse.do?demandTypeName=vod&pageNumber=1&xcase=list,19,0,123.234.64.23,00,null,null,null
2020-10-30 10:34:38,866 [http-0.0.0.0:7001-15$38163862] WARN com.ActionServlet [01] /eHome.do?xcase=sucStoryDetail&pasId=heKnNEDdHxlA,4896,616274054,112.232.32.190,3991982,TI0LjEzMy4yMjUuODEyMDIwMDcyMjE1NTAxMTk4NjU2MjY5ODU5M,TExNDAwMjEyMjEyOTk4MzI6MTEyLjIzMi4zMi4xOTA6NjE2Mjc0MDU0OjM5OTE5ODIM,jAyMDEwMzAxMDM0MDAxMDAwMDA6MDE3MDcyMzE3MjYyNzkwMDUyODAM
2020-10-30 10:34:40,557 [http-0.0.0.0:7001-14$82426960] WARN com.ActionServlet [01] /ajaxfunction.do?xcase=ajaxlogonconnection&time=1604025279782,22,616274054,112.232.32.190,3991982,TI0LjEzMy4yMjUuODEyMDIwMDcyMjE1NTAxMTk4NjU2MjY5ODU5M,TExNDAwMjEyMjEyOTk4MzI6MTEyLjIzMi4zMi4xOTA6NjE2Mjc0MDU0OjM5OTE5ODIM,jAyMDEwMzAxMDM0MDAxMDAwMDA6MDE3MDcyMzE3MjYyNzkwMDUyODAM
2020-10-30 10:34:43,619 [http-0.0.0.0:7001-2$405165860] WARN com.ActionServlet [01] /ajaxfunction.do?xcase=ajaxlogonconnection&t=1604025282858&_=1604025282859,9,616274054,112.232.32.190,3991982,TI0LjEzMy4yMjUuODEyMDIwMDcyMjE1NTAxMTk4NjU2MjY5ODU5M,TExNDAwMjEyMjEyOTk4MzI6MTEyLjIzMi4zMi4xOTA6NjE2Mjc0MDU0OjM5OTE5ODIM,jAyMDEwMzAxMDM0MDAxMDAwMDA6MDE3MDcyMzE3MjYyNzkwMDUyODAM
- 2. Check the log on the test server
[root@515f0f3d2b8f log]# tail -n 10 appen_visiting.log
2020-10-30 10:34:10,999 [http-0.0.0.0:82-24$967804219] WARN appen_visiting /ajaxfunction.do?xcase=ajaxlogonconnection&t=1604025241961&_=1604025241962,9,0,103.116.47.92,00,TAzLjExNi40Ny45MjIwMjAxMDIzMTA0NzQwODI5OTkyMjU2NzgM,TExMzk1MzY1MzcxMzA3Nzc6MTAzLjExNi40Ny45Mjo2MTY1NDk4NDQ6NzQwMzEwNQM,jAyMDEwMzAxMDMzMjA1NTIwMDA6MDExNTkzOTQ3MDAzNjA3NzM0MDkM
2020-10-30 10:34:23,414 [http-0.0.0.0:82-22$1268241439] WARN appen_visiting /iar.do?catId=5&xcase=index,85,0,123.234.64.23,00,null,null,null
2020-10-30 10:34:23,499 [http-0.0.0.0:82-22$1268241439] WARN appen_visiting /eHomeHotActivity.do?xcase=index,48,0,123.234.64.23,00,null,null,null
2020-10-30 10:34:23,731 [http-0.0.0.0:82-27$1931835655] WARN appen_visiting /eHomeExcellentService.do?xcase=index,46,0,123.234.64.23,00,null,null,null
2020-10-30 10:34:23,792 [http-0.0.0.0:82-24$1046816159] WARN appen_visiting /eHomeOnlineCourse.do?xcase=index,37,0,123.234.64.23,00,null,null,null
2020-10-30 10:34:23,853 [http-0.0.0.0:82-25$1258927498] WARN appen_visiting /eHomeOnlineCourse.do?demandTypeName=vod&pageNumber=1&xcase=list,36,0,123.234.64.23,00,null,null,null
2020-10-30 10:34:34,005 [http-0.0.0.0:82-25$1268241439] WARN appen_visiting /eHome.do?xcase=sucStoryDetail&pasId=heKnNEDdHxlA,12,0,112.232.32.190,00,TI0LjEzMy4yMjUuODEyMDIwMDcyMjE1NTAxMTk4NjU2MjY5ODU5M,TExNDAwMjEyMjEyOTk4MzI6MTEyLjIzMi4zMi4xOTA6NjE2Mjc0MDU0OjM5OTE5ODIM,jAyMDEwMzAxMDM0MDAxMDAwMDA6MDE3MDcyMzE3MjYyNzkwMDUyODAM
2020-10-30 10:34:40,561 [http-0.0.0.0:82-17$1585363137] WARN appen_visiting /ajaxfunction.do?xcase=ajaxlogonconnection&time=1604025279782,9,0,112.232.32.190,00,TI0LjEzMy4yMjUuODEyMDIwMDcyMjE1NTAxMTk4NjU2MjY5ODU5M,TExNDAwMjEyMjEyOTk4MzI6MTEyLjIzMi4zMi4xOTA6NjE2Mjc0MDU0OjM5OTE5ODIM,jAyMDEwMzAxMDM0MDAxMDAwMDA6MDE3MDcyMzE3MjYyNzkwMDUyODAM
2020-10-30 10:34:43,636 [http-0.0.0.0:82-21$1258927498] WARN appen_visiting /ajaxfunction.do?xcase=ajaxlogonconnection&t=1604025282858&_=1604025282859,8,0,112.232.32.190,00,TI0LjEzMy4yMjUuODEyMDIwMDcyMjE1NTAxMTk4NjU2MjY5ODU5M,TExNDAwMjEyMjEyOTk4MzI6MTEyLjIzMi4zMi4xOTA6NjE2Mjc0MDU0OjM5OTE5ODIM,jAyMDEwMzAxMDM0MDAxMDAwMDA6MDE3MDcyMzE3MjYyNzkwMDUyODAM
2020-10-30 10:34:44,518 [http-0.0.0.0:82-20$1908430742] WARN appen_visiting /eHome.do?xcase=index,121,0,168.70.105.82,00,jIxLjE3Ni4xNTQuMTY2MjAyMDA5MjYwODU4MTg4MDU4Mzk4NTY3MwM,TExMzY0NjMwOTM1NTY5NTk6MTQuMS4yOC40NDo2MTU0MDgyNDQ6MzQ5ODQ3MgM,jAyMDEwMzAwOTQwMzcxNTAwMDA6MDUwNjk4MDU0NDEzMzQyMTM1MTEM
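The manual comparison above can be scripted. The following is an added example, not part of the original post: it pairs production and test log lines by URL and client IP and reports which production requests were not replayed. It assumes the second comma-separated field is the elapsed time in milliseconds and that lines are written on completion, so requests are aligned on start time (timestamp minus elapsed); the function names and the sample lines are constructed.

```python
import re
from datetime import datetime, timedelta

# timestamp, [thread], level, logger, optional "[01]" tag, then the CSV record
LINE = re.compile(r"^(\S+ \S+) \[[^\]]+\] \w+ \S+ (?:\[\d+\] )?(/.*)$")

def parse(line):
    """Return (url, client_ip, start_time), or None if the line does not fit."""
    m = LINE.match(line.strip())
    if not m:
        return None
    parts = m.group(2).rsplit(",", 7)  # split from the right: URLs may hold commas
    if len(parts) != 8 or not parts[1].isdigit():
        return None
    logged = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S,%f")
    # Assumption: field 2 is elapsed ms and the line is written on completion.
    return parts[0], parts[3], logged - timedelta(milliseconds=int(parts[1]))

def compare(online_lines, test_lines, window=timedelta(seconds=2)):
    """Pair online requests with replayed ones; return (matched, missing)."""
    pool = {}
    for url, ip, start in filter(None, map(parse, test_lines)):
        pool.setdefault((url, ip), []).append(start)
    matched, missing = [], []
    for url, ip, start in filter(None, map(parse, online_lines)):
        times = pool.get((url, ip), [])
        hit = next((t for t in times if abs(t - start) <= window), None)
        if hit is None:
            missing.append((url, ip))
        else:
            times.remove(hit)  # one replayed request answers one online request
            matched.append((url, ip, (hit - start).total_seconds()))
    return matched, missing

# Constructed sample lines in the two formats shown above (values are made up).
ONLINE = [
    "2020-10-30 10:34:10,996 [http-0.0.0.0:7001-16$1] WARN com.ActionServlet [01] /ajaxfunction.do?xcase=ajaxlogonconnection,23,616,203.0.113.9,74,null,null,null",
    "2020-10-30 10:34:38,866 [http-0.0.0.0:7001-15$2] WARN com.ActionServlet [01] /eHome.do?xcase=sucStoryDetail,4896,616,203.0.113.7,39,null,null,null",
    "2020-10-30 10:34:44,100 [http-0.0.0.0:7001-2$3] WARN com.ActionServlet [01] /eHome.do?xcase=index,100,0,203.0.113.5,00,null,null,null",
]
TEST = [
    "2020-10-30 10:34:10,999 [http-0.0.0.0:82-24$4] WARN appen_visiting /ajaxfunction.do?xcase=ajaxlogonconnection,9,0,203.0.113.9,00,null,null,null",
    "2020-10-30 10:34:34,005 [http-0.0.0.0:82-25$5] WARN appen_visiting /eHome.do?xcase=sucStoryDetail,12,0,203.0.113.7,00,null,null,null",
]

if __name__ == "__main__":
    matched, missing = compare(ONLINE, TEST)
    print(f"replayed={len(matched)} missing={missing}")
```

The second sample pair is logged almost five seconds apart but starts within 23 ms, which is why the comparison uses start time rather than the logged timestamp.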
VII. Ansible batch scripts
[root@app1 ansible]# cat hosts_temp
[tcpcopy]
10.1.3.74 ansible_python_interpreter=/usr/bin/python26
10.1.6.233
10.1.6.197
10.1.6.185
10.1.6.215
10.1.6.184
10.1.6.133
10.1.5.4
10.1.5.144
10.1.6.193
10.1.6.157
10.1.3.115 ansible_python_interpreter=/usr/bin/python26
10.1.6.190
10.1.6.208
10.1.6.211
10.1.6.214
192.168.70.232
192.168.3.78
10.1.6.172
192.168.70.148
192.168.77.211
10.1.6.126
10.1.6.162
[root@app5 ~]# cat /root/tcpcopy/tcpcopy.sh
#!/bin/bash
source /etc/profile
/usr/local/tcpcopy/sbin/tcpcopy -x 7001-10.1.2.41:7001 -s 10.1.2.40 -c 10.1.5.x -l /var/log/tcpcopy.log -d
ansible -i hosts_temp tcpcopy -m shell -a 'pkill tcpcopy'
ansible -i hosts_temp tcpcopy -m shell -a 'sh -x /root/tcpcopy/tcpcopy.sh'